World’s largest and highest valued chip manufacturer, Intel, which is 48 years old and worth $113 billion with revenues of $59 billion last year, has admitted a massive security failure. In an ‘urgent’ security update released yesterday, Intel has said that every enterprise PC powered by Intel, sold in the last 10 years, is vulnerable […]

World’s largest and highest valued chip manufacturer, Intel, which is 48 years old and worth $113 billion with revenues of $59 billion last year, has admitted a massive security failure.

In an ‘urgent’ security update released yesterday, Intel has said that every enterprise PC powered by Intel, sold in the last 10 years, is vulnerable to hacking. This is serious, and most probably biggest security failure reported and admitted by Intel.

Millions of enterprise computers, starting from 2008, and powered by Intel’s three most important technology platforms: Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability have been declared as vulnerable, and prone to hacking.

Enterprise users have been asked to update their systems with the patches provided by Intel as soon as possible.

The security update from Intel clearly mentions the fact that no consumer PC has been affected, and no data centre servers, powered by Intel Server Platform Services are affected.

What Is The Vulnerability Of Intel Based Enterprise PCs?

Management Engine (not CPU firmware) of Intel’s three most popular enterprise platforms: Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability have a security hole, using which hackers can remotely control the enterprise PCs, and wreak havoc.

Intel, in their security update, said, “There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.”

Thus, this security hole can be theoretically found in every Intel enterprise platform, right from Nehalem, shipped in 2008 to recent Core processors. Every enterprise PC powered with versions 6.0 through 11.6 of Intel’s manageability firmware are now vulnerable to hacking.

Now, if we observe the main usage of Intel Active Management Technology, then it is used by system administrators of large organisations to remotely track, manage and secure thousands of connected PCs. For example, Walmart may be using such enterprise PCs to monitor thousands of retail checkout systems, controlled via one main hub.

If hacked, a hacker can take control of the whole fleet of computers, and then can manipulate or steal data, as per his wish.

Note here, that Intel has already said, “We are not aware of any exploitation of this vulnerability,”

Intel Offers Solutions; Asks Enterprise Users To Update Immediately

In their security advisory, Intel has strongly pushed for an overall security check for all enterprise PC users, and update their firmware as soon as possible.

First of all, Intel asks all users to check whether they have Intel AMT, Intel SBA or Intel ISM processors in their systems, by visiting here. If the users don’t have these Intel platforms, there is nothing to worry. (but, some security analysts are saying that even if these Intel processors are not present, the threat is always there.)

Govt. of India’s Swatch Bharat Mission (Clean India Mission) has now been expanded into the digital world as well, quite literally. In one of the most useful missions ever launched under Digital India and Swatch Bharat, Govt. has launched a specialized hub called Bot Cleaning & Malware Analysis Centre, named as Cyber Swachhta Kendra in […]

Govt. of India’s Swatch Bharat Mission (Clean India Mission) has now been expanded into the digital world as well, quite literally. In one of the most useful missions ever launched under Digital India and Swatch Bharat, Govt. has launched a specialized hub called Bot Cleaning & Malware Analysis Centre, named as Cyber Swachhta Kendra in India.

You can get free anti-virus and bot removal tools for your desktops, laptops, mobile phones and even USP port.

Cyber Swachhta Kendra: Free Anti-Virus For All

Information Technology Ministry has launched Cyber Swachhta Kendra or Bot Cleaning & Malware Analysis Centre, allocating a budget of Rs 90 crore which would be spread across 5 years. This has specialised packages for both startups, businesses and consumers who are operating desktops, laptops and mobile phones.

While inaugurating this centre, Minister Ravi Shankar Prasad said, “I would like ISPs (Internet Service Provider) to encourage their consumers to come on board, there is a free service available. Come and use it in the event some malware has sneaked into the system,”

At the time of writing, 58 ISPs and 13 banks have joined this forum for cleaning their systems, using the tools provided within this centre.

As per the system proposed as of now, The Indian Computer Emergency Response Team (Cert-In) will monitor and identify malware, botnet and virus infected systems across various industries (finance, media, manufacturing, banking etc), and then send the information to ISPs and the concerned entities.

The users would be then be provided with the link to this website, which will have all the necessary tools to make the system clean.

As of now, Standardization Testing and Quality Certification (STQC), which is a division within Ministry of Electronics and IT charges a fees of Rs 8-10 lakh for scanning and disinfecting large IT systems of corporate entities. However, the fees would be brought down to the level of Rs 4-5 lakh for startups who are into the cyber security niche.

More details are awaited…

Download Free Anti-Virus Tools

As of now, there exists 5 major anti-virus and malware removal tools, which can be instantly downloaded by any user in India.

The most prominent among them is Free Bot Removal Tool, which would be provided in association with QuickHeal. You can download it here.

M-Kavach is the name of the anti-virus tool for mobile phones, which can be downloaded here.

USB Pratirodh (USB Protector) is the name of the tool for cleaning storage devices like USBs, external hard-disk and memory cards. You can download the tool here.

AppSamvid is a desktop based whitelisting solution, only for Windows OS. You can download it here.

Besides, there is a specialised tool for detecting and cleaning malicious HTML & JavaScript files in the browser as well, called Browser JSGuard. You can download it here for Firefox and for Chrome here.

Besides, a specialised National Cyber Coordination Centre (NCCC) would be established by CERT-In by June of 2017, for which a budget of Rs 900 crore has been allocated. This will monitor and examine all cyber attacks being conducted inside India, and on Indian websites.